{"report_id":"8c4afeb8-e27c-4311-8997-38a016245c82","version":0,"status":"done","tags":[],"date":"2026-06-28T15:21:00Z","url":{"schema":"https","addr":"https-trip75co.icu/","fqdn":"https-trip75co.icu","domain":"https-trip75co.icu","tld":"icu"},"ip":{"addr":"198.13.158.219","port":0,"asn":0,"as":"","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"https-trip75co.icu/","fqdn":"https-trip75co.icu","domain":"https-trip75co.icu","tld":"icu"},"title":"https://trip75.co подбора TripSkan недвижимости trip75 co Московская область","dom":{"size":22253,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (317)","md5":"5468ee4d42e50969d72b500318a56033","sha1":"34365b918ef38687c731a5c2ce883638281d278e","sha256":"c56b1f06061573a09d25122ddf2d1b7cdcd731425754c7e4da01196bd05dd189","sha512":"4ca5aa3c3b31d76a02b9451dd0f4c8a78097b090180e9d82efcd8f49a60f10f13617f02931b071ee247ca9df0fa02c00af9c0e4384eb9dae4af25973436a6631","ssdeep":"192:NTOSVFHsK06IWOBodFgYKNDQbTXlJswnlFzAg/7yJJZcCMJ6hbEHNN9L9w7XxzDw:gSVGB15WDM7/u1x615KnI3Che5shKRu","tlshash":"b6a2465285fb54962002f047ca0d6f0e39a954bfae2bc7113aac3a7e6ff2458c57671c","dom_hash":"domhash176b490a32b4f32558f9e70777959433","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"https-trip75co.icu/","fqdn":"https-trip75co.icu","domain":"https-trip75co.icu","tld":"icu"},"ip":{"addr":"198.13.158.219","port":0,"asn":0,"as":"","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-08-02T15:21:00Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"qguvgzjxzsgb3vs"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"https-trip75co.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"https-trip75co.icu","ip":{"addr":"198.13.158.219","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"domain_registered":"2026-06-16","domain_rank":0,"first_seen":"2026-06-28T13:57:48.097435Z","last_seen":"2026-06-28T13:57:48.097435Z","alert_count":2,"request_count":2,"received_data":35078,"sent_data":1079,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"i.ibb.co","ip":{"addr":"45.43.142.2","port":443,"asn":215751,"as":"Mikhail Fedorov","country":"Israel","country_code":"IL"},"domain_registered":"2010-07-20","domain_rank":21643,"first_seen":"2018-11-25T10:13:48Z","last_seen":"2026-06-25T20:36:18.955775Z","alert_count":0,"request_count":1,"received_data":3370,"sent_data":561,"comment":"","tags":null,"fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"https-trip75co.icu/antibot_generatecaptcha?GuuIGCERij","fqdn":"https-trip75co.icu","domain":"https-trip75co.icu","tld":"icu"},"ip":{"addr":"198.13.158.219","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://https-trip75co.icu/","date":"2026-06-28T15:20:37.826Z","timestamp":1782660037826,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"https-trip75co.icu","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Tue, 16 Jun 2026 06:39:54 GMT","end":"Mon, 14 Sep 2026 06:39:53 GMT"},"fingerprint":{"sha1":"CB:EB:07:41:9B:F9:00:A4:58:82:3A:AE:6F:26:0F:BC:72:E3:B7:42","sha256":"EE:32:22:EC:9D:8F:5A:AC:E9:57:2F:94:4A:13:D0:F0:26:52:0D:62:65:86:23:32:0C:B1:88:E9:16:91:94:EC"}}},"request":{"raw":"GET /antibot_generatecaptcha?GuuIGCERij HTTP/1.1\r\nHost: https-trip75co.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://https-trip75co.icu/\r\nCookie: antibot=da47e3bc-8260-4b16-ab1c-f88ef58d9533\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 28 Jun 2026 15:20:37 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 11554\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nCache-Control: no-store, no-cache, must-revalidate, private\r\nExpires: 0\r\nLast-Modified: Wed, 14 Jan 2026 16:48:55 GMT\r\nPragma: no-cache\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":11554,"size_decoded":11857,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: \"Blender:File:C:\\Projects\\captcha\\captcha-3.blend\", comment: \"Blender:Date:2023/02/14 21:56:03\", comment: \"Blender:Time:00:00:00:00\", comment: \"Blender:Frame:000\", comment: \"Blender:Camera:Camera\", comment: \"Blender:Scene:Scene\", comment: \"Blender:RenderTime:00:00.16\", baseline, precision 8, 380x120, components 3","md5":"deff68068c0e5ab4efeda54c098618b2","sha1":"620f234b5ac14f1905cbce7e5cfe212672f87335","sha256":"5a4226c244712016fdf0051dd72910d8e403caab0c3235128f500bbda728fdbf","sha512":"8e1a5d37bc136d9a31cb7510e1c1e5886b039592894adad390055bcc20a7d640555a1387659a3187bf221a37d97683483bf12c62d90a325554c8495589236162","ssdeep":"192:Z2yas7/pHVCWU32dtapLIzVH+Bw7TDnQC7q5P9XkCxUvmu88sWRW5SihggH5f:8yagRDUoauX7QCG5PnxWe8nRW5TgU5f","tlshash":"3032c076c555af9f7c17d632ee1a608bee382ddaf81469c914088207f1b07eee0ed601","first_seen":"2026-04-04T22:57:14.888055Z","last_seen":"2026-06-28T15:21:01.269303Z","times_seen":2,"resource_available":false,"data":null}},"time_used":178,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":178,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"https-trip75co.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"i.ibb.co/wZQ6QRgr/Screenshot-20260520-113642.jpg","fqdn":"i.ibb.co","domain":"ibb.co","tld":"co"},"ip":{"addr":"45.43.142.2","port":443,"asn":215751,"as":"Mikhail Fedorov","country":"Israel","country_code":"IL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://https-trip75co.icu/","date":"2026-06-28T15:20:38.219Z","timestamp":1782660038219,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ibb.co","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Sat, 13 Jun 2026 20:55:27 GMT","end":"Fri, 11 Sep 2026 20:55:26 GMT"},"fingerprint":{"sha1":"F3:94:FB:2D:47:B1:D4:D5:DC:81:D4:82:60:28:41:CA:E0:2F:C4:E0","sha256":"94:AB:9D:4D:48:FB:E5:4D:C0:DD:70:56:04:C3:4D:17:1E:AD:6A:C0:02:2E:98:A0:1C:47:DC:AB:AC:74:E0:81"}}},"request":{"raw":"GET /wZQ6QRgr/Screenshot-20260520-113642.jpg HTTP/1.1\r\nHost: i.ibb.co\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://https-trip75co.icu/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=6\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: openresty\r\ndate: Sun, 28 Jun 2026 15:20:38 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 3005\r\nlast-modified: Wed, 20 May 2026 08:48:52 GMT\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000, public\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, OPTIONS\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3005,"size_decoded":3370,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=4, height=0, orientation=[*0*], width=0], baseline, precision 8, 81x98, components 3","md5":"5b2fbf609cdd605012c5b7bf27c7892c","sha1":"18891053708f734dc3ceb30a233ee8f3e998db1a","sha256":"bed9d5cea475c945b977ac065444f2818fc14d327b6c6a5aefa32cba3e3cf17c","sha512":"2446bb45a24673e4c847959e006549a565cf0c40d0a1ca963442065298e2e676e044cafe2d42e7a270024c81968a081a5c1e67e56a8cac59d30398181035a601","ssdeep":"","tlshash":"ee512ae6d26716cffc632ff0690057c82611dc92f4ba26639055e2862e0abc18e39529","first_seen":"2026-06-28T13:57:51.177719Z","last_seen":"2026-06-28T15:21:01.272426Z","times_seen":2,"resource_available":false,"data":null}},"time_used":111,"timings":{"blocked":-1,"dns":2,"connect":20,"send":0,"wait":41,"receive":0,"ssl":47},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"https-trip75co.icu/","fqdn":"https-trip75co.icu","domain":"https-trip75co.icu","tld":"icu"},"ip":{"addr":"198.13.158.219","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-28T15:20:37.098Z","timestamp":1782660037098,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"https-trip75co.icu","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Tue, 16 Jun 2026 06:39:54 GMT","end":"Mon, 14 Sep 2026 06:39:53 GMT"},"fingerprint":{"sha1":"CB:EB:07:41:9B:F9:00:A4:58:82:3A:AE:6F:26:0F:BC:72:E3:B7:42","sha256":"EE:32:22:EC:9D:8F:5A:AC:E9:57:2F:94:4A:13:D0:F0:26:52:0D:62:65:86:23:32:0C:B1:88:E9:16:91:94:EC"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: https-trip75co.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 28 Jun 2026 15:20:37 GMT\r\nContent-Type: text/html; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nSet-Cookie: antibot=da47e3bc-8260-4b16-ab1c-f88ef58d9533; Path=/; HttpOnly; Secure; SameSite=Strict\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":22933,"size_decoded":6984,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (317), with CRLF line terminators","md5":"dde38edf9408acc962e6d10bdb5d5e3a","sha1":"135588bc76e2886886810025c7706230bbdf119b","sha256":"bf35e97d44c1f4ef726f4f6d893747831e9a8b080da83431d6a6a62cc1807026","sha512":"eba822511e814bfddeb5addf4ced95d7df8ffd0c2bc66b5e3cefc63042166b70270420a287198505bd902a6d382cf3eee4403ecdc83c66bd31ec3dc28af3b27c","ssdeep":"192:EYBw3T6YSPxGU7Zw2BWNX4LkgWO6olkcqZaZJjxdpZvMfFsp0JfOyp8NTJ+CCWJh:W3T1tYZ3zUcu6jxs9tnFWJ0GSQG1yL","tlshash":"88a2f321c5d954962032e057cb195b0ef9a904bfab2647163abc367f2ff2518c527a1c","first_seen":"2026-06-28T15:21:01.274432Z","last_seen":"2026-06-28T15:21:01.274432Z","times_seen":1,"resource_available":true,"data":null}},"time_used":384,"timings":{"blocked":-1,"dns":90,"connect":24,"send":0,"wait":193,"receive":0,"ssl":77},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"https-trip75co.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}